[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: More sorbs blacklisting [signed]

On Tue, Jun 20, 2006 at 09:47:39AM +0200, Andreas John wrote:
> >1) strict DNS checks (matching forward/reverse)
> I understand that checking for the existence of a reverse mapping may be 
> a clever thing, but the reason for forward/reverse matching is not 
> obvious to me: Imagine a user who only has one public IP at his 
> "all-in-one" mail-web-server. His reverse is www.mydomain.tld to make 
> people with traceroute happy, but his mx is mx1.mydomain.tld. To get 
> through your spamfilter, the reverse has to be changed to 
> mx1.mydomain.tld - that looks not nice in the traceroute ...

I have personally never seen a reasonably configured server reject mail on
such scenarios. Actually all of the servers that I administer have a
different MX name pointing to them than what is their reverse.

I think the real point is that the MX must have a reverse name and the
reverse name must point to the same IP address. The whole setup smells like
a forgery if this is not the case.

(And no, I do not use www.something as the reverse but something that
actually identifies the host. Web hosts move every now and then but
hostnames are likely to stay the same for a long time.)

Attachment: signature.asc
Description: Digital signature

Reply to: